by N3nvy on Tue May 28, 2013 6:52 am ([msg=75819]see Re: Please ask questions ONLY in this topic.[/msg])

I found the hidden path straight away, and from there it was a simple Google search to what a SQL Injection was. The answer is given to you instantly on some sites, so keep looking until you find the right solution.

Skyfa11 wrote:Do I need to use classic sql injections or more advanced stuff for this.here's the website im using: http://www.sqlinjection.net/

That website has too much information for me to look over to tell you if it has the correct methodology for this type of attack. However, browsing through it explains how the attack of an sqli works in pretty good detail. You just need to keep in mind that anywhere the website is grabbing information from a database, it may be exploitable via sqli. Such as login fields, URL parameters, or even a regular form with seemingly unimportant data being stored into a database. This is a great opportunity to think outside of the box, and be creative with what you have learned so far about sqli.

I found the /update.php page, to enter the login data. There I did what is necessary to complete the message.

I love your stuff guys. But for learning it would be incredibly helpful to me if the statements you put in actually return data instead of just completeing the mission. Just wanted to add that as a feedback .

So... A colleague of mine is doing some of the realistic missions and I'm lending a hand whenever he gets too stuck. After about 3 hours on mission #2, he finally gave up and came to ask me for help.

It turns out that he'd followed the links to the gifs, then started working up the directory structure. The problem is, the images are linked directly to the real American Nazi party website and he's spent the last 3 hours trying to hack them...

As he's new 'round here, he assumed it was common for the "realistic" missions to have their own domains, etc. I wondered why he'd been saying things like "This is a very complex mockup"

Basiclife wrote:So... A colleague of mine is doing some of the realistic missions and I'm lending a hand whenever he gets too stuck. After about 3 hours on mission #2, he finally gave up and came to ask me for help.

It turns out that he'd followed the links to the gifs, then started working up the directory structure. The problem is, the images are linked directly to the real American Nazi party website and he's spent the last 3 hours trying to hack them...

As he's new 'round here, he assumed it was common for the "realistic" missions to have their own domains, etc. I wondered why he'd been saying things like "This is a very complex mockup"

hahaha, that's a great laugh right there. I suppose hackthissite should have those pictures stored and pulled locally instead.